Thierry Bordaz

**Name of the Vulnerable Software and Affected Versions** 389-ds-base versions 1.4.1.2 and earlier **Description** The issue allows an unauthenticated attacker to create hanging LDAP requests, potentially hanging all worker threads and resulting in a Denial of Service. This occurs because connections using SSL/TLS do not take into account the 'ioblocktimeout' during reads, unlike un-encrypted requests. **Recommendations** For 389-ds-base versions 1.4.1.2 and earlier, consider disabling SSL/TLS connections or restricting the use of LDAP requests until a patch is available. As a temporary workaround, adjust the 'ioblocktimeout' value to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** 389 Directory Server versions prior to 1.3.0.4 **Description** The issue allows remote attackers to cause a denial of service, resulting in a crash, by sending a zero length LDAP control sequence. **Recommendations** For versions prior to 1.3.0.4, update to version 1.3.0.4 or later to resolve the issue.